KR101048843B1 - Configurable Cable Card - Google Patents

Abstract

According to one embodiment of the invention, a configurable cable card is provided that is adaptable for use by multiple conditional access (CA) providers. The cablecard includes core logic, a first CA logic block, and a second CA logic block configured to descramble the incoming scrambled content. The first CA logic block coupled to the core logic uses a first CA function associated with the first CA provider. The second CA logic block is also coupled to the core logic. The second CA logic block uses a second CA function associated with a second CA provider. When the incoming content is scrambled according to the second CA function, the connection between the first CA logic block and the core logic is disabled.

Description

Configurable Cable Cards {CONFIGURABLE CABLECARD}

This application is based on US Provisional Application No. 60 / 469,768, filed May 12, 2003, which is incorporated herein by reference.

Embodiments of the present invention are in the field of communications. More specifically, one embodiment of the present invention is directed to a configurable module adapted to a digital device.

Analog communication systems are rapidly giving way to their digital counterparts. Digital television is currently scheduled to be available nationwide. High-definition television (HDTV) broadcasting has already begun in most major cities on limited soil. Similarly, the explosive growth of the Internet and the World Wide Web has led to a growing growth in the number of downloadable audio-video files, including audio files in MP-3 format.

At the same time, and in part because of this rapid movement into digital communication systems, significant progress has been made in digital recording devices. Digital versatile disc (DVD) recorders, digital VHS video cassette recorders (D-VHS VCRs), CD-ROM recorders (eg CD-R and CD-RW), MP3 recording devices, and hard disk based recording units are only digital As representing the recording device, this digital recording device can produce high quality recordings and copies without any increased tampering known in the analog counterpart.

This raises interest for content providers, such as the moving picture and music industry, who are reluctant to provide downloadable digital content due to fear of unauthorized and uncontrolled copying of digital content.

In response, content and service providers have been asking consumer electronics manufacturers of retail navigation or host devices, such as set top boxes or digital TVs, to place the devices with conditional access (CA) slots. Service providers, such as cable operators, purchase modules for insertion into CA slots from current CA providers for a particular cable system. These modules, hereinafter referred to as "cablecards", are PCMAIA form factor devices that plug into CA slots on the host device. The service provider provides these modules to better ensure that the owner of the host device has paid for the services and programs being consumed.

The cable card will descramble the content selectively, i.e. only if the consumer is authorized. The cablecard is designed to descramble the scrambled content into a definite format for viewing and / or listening, with restrictions on recording and playback when copy-protected through rescrambling as the content flows back to the host device and May include conditions. This enables the content or service provider to scramble the content prior to transmission to the targeted retail device (s).

The cable card communicates with the host device and handles the descrambling operation. Currently, each cable card is statically configured for a single CA provider at design time. That is, each cable card is configured exclusively by each CA manufacturer or provider to descramble content scrambled by the original CA provider at the relay station, broadcast station, or uplink. Service providers, such as cable operators, for example, continue to purchase cable cards from CA providers and keep them close to meet the needs of consumers who want to use their set-top boxes or DTVs purchased in retail. . However, for different CA providers, which may then be found in different cable systems owned by that service provider, or if the service provider wants to use it if they want to change the CA provider in a particular system, You cannot reinvent (ie change) a card. This lack of flexibility in cable cards has led to increased costs for cable cards due to the unconfigurable nature of the cable card. The service provider is in close contact with the CA provider that manufactures the cable card. It would be nice if the service operator could purchase a cable card that could be re-intentioned when the CA provider for a particular system needs to be changed.

In addition, concerns about cable card security continue to discourage further development. Thus, additional security features are also required to ensure wide deployment of the cable card. Similarly, it would be desirable to have a cable card that can address the security concerns of many CA providers.

Embodiments of the invention are shown by way of example and not by way of limitation in the figures of the drawings in which like reference numerals designate like elements.

Various embodiments of the present invention relate to a configurable cable card for preventing data transmission. In one embodiment, this prevention is related to descrambling and / or decrypting digital content from the service provider internally within the cable card. Examples of "service providers" include, but are not limited to, terrestrial broadcasters, cable operators, direct broadcast satellite (DBS) companies, or companies providing downloadable content via the Internet.

In the US cable industry, detachable conditional access modules are called "cablecards", while in the terrestrial and satellite industries in Europe, they are called "common interface modules". Both are PCMCIA type 2 type element based, and the invention described herein equally well applies to a common interface module.

The cable card is a detachable security element, but the invention described herein applies equally well to embedded security modules. The embedded security module may be a separate integrated circuit (IC) mounted in the set top box, or may be integrated into the same IC as the decoder IC.

In the description that follows, specific terminology is used to describe features of the present invention. For example, each term "component", "logic" or "block" refers to hardware and / or software that is configured to perform one or more functions. Examples of "hardware" include, but are not limited to, a field-programmable gate array (FPGA), a programmable logic device (PLD), or an integrated circuit (IC). The IC may include a processor such as a microprocessor, an application specific IC (ASIC), a digital signal processor or a micro-controller.

Similarly, "software" includes a series of executable instructions in the form of an application, applet, or even routine. The software may be stored on any form of machine readable medium. Machine-readable media may be used in semiconductor memory devices such as programmable electronic circuitry, volatile memory (eg, RAM, etc.) and / or non-volatile memory (eg, any form of read-only memory " ROM ", flash memory, floppy diskettes, Optical discs (eg, CD or digital video disc " DVD "), hard drive discs or tapes, and the like.

Also, a "message" is a set of bits that form a digital signal. "Interconnect" is a transmission medium that may include, but is not limited to, a wireless channel established by one or more wires, optical fibers, cables, or a radio transmitting circuit.

1 illustrates an exemplary embodiment of a secure content delivery system implemented with a digital device that includes a receiver in communication with a configurable cable card.

FIG. 2 illustrates a first exemplary embodiment of the digital device of FIG. 1 featuring a configurable cable card. FIG.

3 illustrates a second exemplary embodiment of the digital device of FIG. 1 featuring a cable card.

4 illustrates a detailed embodiment of a digital device implemented with a configurable cable card.

5 illustrates an exemplary embodiment of an encryption block of the configurable cable card of FIG.

FIG. 6 illustrates an exemplary embodiment of a core logic and a programmable logic device of an encryption block of the configurable cable card of FIG. 5.

7 illustrates an exemplary embodiment of an encryption block of the cable card of FIG.

8 illustrates another exemplary embodiment of an encryption block of the cable card of FIG.

9 illustrates an exemplary embodiment of an encryption block of the cable card of FIG.

Referring to FIG. 1, an exemplary embodiment of a secure content delivery system 100 is shown. The content delivery system 100 includes a relay station 110 that transmits program data to one or more digital devices. Such "program data" may include: (1) program specific information such as system information, entitlement control message (s), or entitlement management message (s); Or (2) a digital bit stream comprising one or more of the digital content.

More specifically, "digital content" can include images, audio, video, or any combination thereof. The content may be in scrambled format or explicit format. "System Information" (SI) can be played, retransmitted and / or recorded on the digital device 120, i.e., one of the digital devices, as well as information on the program name, broadcast time, source, and query and decoding method. Replication management commands that provide information to control how and when they are present. These copy management commands may also be sent with an entitlement control message (ECM), which is generally used to regulate access to a particular channel or service. The "Quality Management Message" (EMM) can be used to send a credential (often referred to as a "privilege") to the digital device 120. Examples of entitlements may include, but are not limited to, access rights or descrambling keys. The descrambling key is generally a code, which is required by the logic to explicitly recover data from the scrambled format based on the entitlement granted.

According to one embodiment of the invention, the cable card 124 is a network that handles both entitlement management and descrambling operations based on messages received and / or transmitted via an out-of-band (OOB) interface described in FIG. It can be implemented as a card. Of course, it is foreseen that the degree of security can be divided to characterize the descrambling operation, but the cable card 124 is adapted to communicate with a smart card that handles credential management.

As shown for this embodiment of the present invention, processor 114 located at relay station 110 receives and combines digital content with program specific information to generate program data. Program data (or a portion thereof) is processed by packet selection, by encrypting and / or replicating the selected packet, by modulating program data (or a portion thereof), or the like. The processed program data is transmitted from the relay station 110.

For example, when the target digital device 120 is a set top box in one direction, the processed program data is sent to the summing block 115. Summing block 115 may be adapted to combine information received from processor 114 and out-of-band transmitter 116, generally at a different frequency. Certain OOB originations such as, for example, EMMs or Electronic Program Guides (EPGs) are transmitted from OOB transmitter 116 to summing block 115. The summing block 115 may then generate a message with different frequency components for transmission to the public network, such as a hybrid coaxial fiber (HFC) network to which the digital device 120 is connected.

When the target digital device 120 in the cable system is deployed as a bidirectional set top box, the digital device 120 is in bidirectional communication with the cable modem transmission system (CMTS) 112. Thus, it is envisaged that summing block 115 and / or OOB transmitter 116 may be eliminated. Instead, certain OOB originations are transmitted between the relay station 110 and the digital device 120 via bidirectional communication facilitated by the CMTS 112.

As shown, in this embodiment of the present invention, the first interconnect 113 enables communication between the CMTS 112 and the digital device 120. Such communication may be, for example, in accordance with data regulations (DOCSIS) on the cable service interface. In addition, the CMTS 112 communicates with a second or alternative conditional access (CA) management block 117 via a second interconnect 118. Second interconnect 118 supports a Transmission Control Protocol / Internet Protocol (TCP / IP) communication protocol.

An alternative CA management block 117 forwards specific OOB origination (eg, EMM, EPG data, etc.) to the CMTS 112, which routes the OOB origination to the cable card 124. Similarly, control information, such as impulse pay-per-view (IPPV) data or even on-demand video (VOD) commands (eg, fast playback, rewind, stop, pause, etc.) may be used to manage alternative CAs from digital device 120. It may be returned to block 117. This control information can be used to control the operation of the processor 114.

As further shown in FIG. 1, when implemented as a set top box, the digital device 120 may be connected to other components within the content delivery system 100 via a third interconnect 125. The third interconnect 125 operates to transmit program data between the digital device 120 and other components in the content delivery system 100.

Depending on the product type corresponding to the digital device 120, the content delivery system 100 may include an audio system 200 coupled to the interconnect 125. A digital VCR 210, such as a D-VHS VCR, may also be connected to the digital device 120 and other components of the content delivery system 100 via a third interconnect 125.

The hard disk recording unit 220 may also be connected to the other device and the digital device 120 via the third interconnect 125. The display unit 230 may include a high definition television display, a monitor, or another device capable of processing digital video signals. Finally, control unit 240 may be connected to third interconnect 125. The control unit 240 may be used to integrate and remotely coordinate the operation of each component or some component on the content delivery system 100.

The digital content of the program data may be transmitted in scrambled form. In one embodiment, as part of the program data, access requirements may be sent to the digital device 120 (eg, set-top box) along with the scrambled content and used by the cable card 124. An “access requirement” is a limiting parameter used to determine whether digital device 120 implements conditional access functionality and is authorized to descramble scrambled content for viewing or listening purposes. For example, an access requirement may be a key needed to recognize (view and / or listen) to content, a service tag associated with a given content provider, or even specific descrambling software code.

When the scrambled program is received by the cable card 124, the access requirements for the program are compared with the entitlement associated with the digital device 120. Entitlement may indicate that digital device 120 is entitled to view / play content from a given content provider, such as a home box office (HBO), for example. The entitlement may also include one or more keys needed to descramble the incoming digital content. The qualification may also define a time period during which the cable card 124 can descramble the digital content.

Thus, in one embodiment, the access requirements and entitlements form part of the cable card 124 to determine whether the digital device 120 is authorized to watch a particular program. Access requirements may be sent using a packet identifier (PID) to a cable card 124 that is connected via interconnect 125. Each PID may include an access requirement associated with a given service. The content sent to the conditional access unit may also include a number of PIDs, thus enabling special revenue features, technical features, or other special features to be performed locally. The use of PID is fully described in co-pending published US patent application no. 10 / 037,499, filed January 2, 2002.

Referring now to FIG. 2, a first exemplary embodiment of digital device 120 is shown. The digital device 120 implemented as a one-way set top box includes a receiver 122 connected to the cable card 124. The digital device 120 additionally includes a host processing block 330 and an audio / video (A / V) processing block 360.

Here, for this embodiment, the receiver 122 includes an interface 300, a plurality of tuners 310, and a plurality of demodulators 320, collectively connected to the cable card 124. The host processing block 330 and the A / V processing block 350 communicate with the cable card 124.

The first tuner 312 is configured to tune to the first designated sub-frequency to recover digital content. When the digital content is modulated, the recovered digital content is routed to the first demodulator 322. According to one embodiment of the invention, first demodulator 322 performs structure amplitude demodulation (QAM) and routes the demodulated digital content to conditional access (CA) module 340 disposed within cable card 124. .

However, the second tuner 314 is configured to tune to the second designated sub-frequency to recover a constant OOB origin. The first and second sub-frequencys may be slightly different from each other, but are within a common frequency band. If the received OOB origin is modulated, it is routed to a second demodulator 324 that demodulates the OOB origin. According to one embodiment of the invention, the second demodulator 324 is digital to recover EMM, SI, EPG data, tables, or other data for transmission to the OOB processing block 345 of the cable card 124. Perform frequency QPSK. Of course, it is envisaged that one or more tuners 312 and 314 and one or more demodulators 322 and 324 may be disposed within the cable card 124.

The OOB processing block 345 filters the incoming message to recover the program data, and correspondingly passes the recovered program data to the CA module 340. In one example, one or more recovered EMMs may be passed from OOB processing block 345 to a CA module. Control data associated with the EMM may be used to process incoming digital content.

As further shown in FIG. 2, OOB processing block 345 communicates with host processing block 330 via extension channel 332. According to one embodiment, a copy protection key may be generated by a collective operation of the host processing block 330 and the OOB processing block 345 for use by the copy protection block 350. In addition, OOB processing block 345 routes EPG data to host processing block 330, which hosts digital device 120 to render EPG data along with the displayed digital content. Routing to processors and / or graphics chips disposed within. For example, EPG data can be overlaid on the displayed video.

A / V processing block 360 receives the digital content and processes the received digital content in a selected format. For example, when the digital content is video, the A / V processing block 360 may receive a digital video stream for conversion into a moving picture expert group (MPEG) packet. As another example, when the digital content is audio, the A / V processing block 360 may receive a digital audio stream for conversion to an MP3 packet.

Referring now to FIG. 3, a second exemplary embodiment of digital device 120 is shown. The digital device 120 implemented as a bidirectional set top box includes a first receiver 400 for receiving in-band digital content and a second receiver 402 for receiving OOB origin. The second receiver 402 is configured to support the DOCSIS communication protocol. Digital device 120 further includes a transmitter 406 configured to return information (eg, encryption key, device serial number, DOCSIS media access protocol “MAC” address, user profile, VOD instruction, etc.).

The first tuner 412 is configured to tune to the first designated sub-frequency to recover digital content. When the digital content is modulated, the recovered digital content is routed to the first demodulator 422. According to one embodiment of the invention, the first demodulator 422 performs structure amplitude demodulation (QAM) and routes the demodulated digital content to a conditional access (CA) module 440 disposed within the cable card 124. .

However, the second tuner 414 is configured to tune to the second specified sub-frequency to recover constant OOB origination through the DOCSIS interconnect 113. If the received OOB origin is modulated, it is routed to a second demodulator 424 that demodulates the OOB origin. According to one embodiment of the invention, the second demodulator 424 also performs QAM demodulation to recover the MAC address for the digital device 120. The recovered MAC address is used by DOCSIS MAC device 426 to confirm that the OOB origination has been sent to the proper location.

Once the MAC address is authenticated, DOCSIS MAc device 426 routes the OOB origin to host processing block 430. Host processing block 430 routes the copy protection key to OOB processing block 445 as well as the EMM for processing as described above.

Referring now to FIG. 4, an exemplary embodiment of a digital device 120 implemented with a configurable cable card 124 is shown. This communication is performed via the interface 500. The interface 500 includes an extended channel interface 510, an out of band (OOB) interface 530, and a data interface 550. According to one embodiment, the pin configuration of the interface 500 is the same as the standard PCMCIA interface. However, during power-up of the configurable cable card 124, a predetermined number of pins are reassigned to support OOB origination via the OOB interface 530.

As shown in this embodiment of the present invention, the extended channel interface 510 is configured to provide information to a host 505 (e.g., tuner 310/410, demodulator 320/420, host processing block 330/430). , Copy protection block 350/450 and A / V processing block 360/460} and cable card 124. For example, host 505 may send a message 412 to indicate its receiver type (eg, television receiver, set top box receiver, integrated receiver / decoder, etc.). Similarly, cablecard 124 may send message 514 to indicate its cablecard type. Upon determining that the host 505 is communicating with the cable card 124 after exchanging information, certain bits of the interface 500 are reconfigured to support out-of-band transmission and to act as the OOB interface 530.

Here, the OOB interface 530 may be implemented as a one-way communication path from the host 505 to the cable card 124. Program data transmitted via an OOB interface (eg, system information, EMM, etc.) may be modulated according to one of several modulation schemes. For example, program data may undergo QPSK modulation. Of course, it is envisaged that other modulation schemes may be performed. It is further envisaged that OOB interface 530 may support bidirectional communication (eg, bidirectional QPSK origination) instead of one way communication as shown.

As further shown in this embodiment of the present invention, the extended channel interface 510 enables one or more copy protection keys to be established. Generally, the copy protection key is derived by the exchange of information between the host 505 and the cable card 124. Either of these components can initiate the generation of a copy protection key.

Data interface 550 includes one or more multi-bit communication paths, including one or more scrambled digital content streams 552 received by cable card 124 for descrambling. In addition, one or more copy protection bit streams 554 may be transmitted from the cablecard 124 to the host 505. At least one copy protection bit stream features descrambled content from stream 552 that is encrypted using a previously negotiated copy protection key.

Referring again to FIG. 4, the cable card 124 includes a nonvolatile memory 560, an encryption block 565, an interface block 570, a volatile memory 575, and a coin cell 580. . Encryption block 565 may be configured to support multiple conditional access (CA) operations as described below.

Here, nonvolatile memory 560 is implemented as a secure memory (eg, flash memory) for storing information accessible by encryption block 565. Examples of such information stored in secure, nonvolatile memory 560 include keys, credentials, and codes.

The coin cell 580 is a battery that supplies power to a battery-backed memory disposed in the cable card 124. For example, a portion of volatile memory 575 can be battery operated to operate as nonvolatile memory.

The interface block 570 manages operations performed through the extended channel interface 410 and the OOB interface 430. Furthermore, interface block 570 may be configured to filter for a certain multicast Internet Protocol (IP) address, perhaps a few multicast IP addresses, for an enhancement management message (EMM).

Referring to FIG. 5, an exemplary embodiment of an encryption block 565 of a cable card 124 is shown. According to one embodiment, the encryption block 565 is configurable as a field-programmable gate array (FPGA). Of course, the encryption block 565 may be configured with an application specific IC (ASIC) or other configuration.

Encryption block 565 then includes core 600, internal clock oscillator 610, hardware accelerator 615, number generator 620, boot read-only memory (ROM) 625, scrambled ROM 630. Selected dual cryptographic logic 635, anti-tampering circuit 640, metal shield 645, secure nonvolatile memory (eg, battery operated RAM) 650, at least one configuration. Two or more of possible logic blocks 655, volatile memory 660, external memory controller 665, descrambler 670, and copy protection logic 675.

Core 600 is hardware configured to process data within encryption block 565. In communication with the configurable logic block, the core 600 may be a simple instruction executable computer (RISC) core. As an optional feature, core 600 may include cache memory of any selected size, such as, for example, 32 kilobytes.

Internal clock oscillator 610 prevents the external clock from hyper-clocking. In some circumstances, an error condition may be used to recover sensitive information from encryption block 565 by substantially increasing the clock frequency. By placing the internal clock oscillator 610, the risk associated with hyper-clocking is reduced. Internal clock oscillator 610 is coupled with at least core 600, hardware accelerator 615, and number generator 620.

Here, the hardware accelerator 615 is adapted to increase the calculation speed performed by the encryption block 565 when performing an encryption operation. According to one embodiment of the invention, the hardware accelerator 615 is adapted to an RSA accelerator.

Number generator 620 may be hardware and / or software used to generate data such as random numbers or pseudo-random numbers. This data is used by core 600 to generate session based keys or other unique encrypted data. Boot ROM 625 is firmware that is initially configured to provide general functionality to encryption block 565. The contents of the boot ROM 625 may be explicitly or scrambled with a sticky key.

The scrambled ROM 630 is firmware that contains scrambled information, which is scrambled information and subsequently by the core 600 and / or the descrambler 670 during initialization of the encryption block 565. Is processed. Such scrambled information may include algorithms, routines, and other data that is static in nature. This information is recovered by descrambling the scrambled information using the descrambled key supplied from the secure nonvolatile memory 650. Thus, if the encryption block 565 is tampered with and loses power to the secure nonvolatile memory 650, the content of the scrambled ROM 630 is lost.

Descrambler 670 is adapted to receive one or more digital content streams to descramble. Descrambling may be in accordance with DVB (64-bit), AES (128-bit), DES CBC or 3DES (168-bit).

The descrambled digital content is loaded into copy protection logic 675, which is then re-encrypted and output. The copy protection logic 675 features a copy protection algorithm, such as a data encryption standard electronic code book (DES ECB), and a copy protection key. The copy protection key is derived through communication between the host 505 of FIG. 4, in particular the host processing block and the encryption block 565. From this record, the copy protection scheme used by the cable and consumer electronics industries is called "DFAST".

The external memory controller 665 is adapted to access data stored in the nonvolatile memory 560 (eg, encrypted flash) of FIG. 4 and to decode the data before storing in the encryption block 565. For example, data may be stored in internal cache memory of core 600 or in volatile memory 660.

Tamper-proof circuit 640 is a circuit for preventing tampering. For example, as shown, the shield 645 may be formed of a conductive material through which the power is supplied to the safe nonvolatile memory 650. Thus, if metal shield 645 is removed or damaged, secure nonvolatile memory 650 may be powered off and all data stored in this memory will be lost. Another circuit includes an optical sensor, where the safe nonvolatile memory 650 will be shorted to ground when powered in a lighted environment.

Configurable logic block 655 is provided by two or more CA providers. According to one embodiment of the invention, the configurable logic block 655 cannot compile the gate; Rather, logic block 655 is an optical slice cell formed in the die that forms encryption block 565. During manufacturing, logic block 655 is configured.

For example, as shown in FIG. 6, logic blocks 655 ₁ and 655 ₂ are used and core logic 700 (eg, processor core 600 of FIG. 5 and the following components: internal clock oscillator 610, Hardware accelerator 615, number generator 620, boot ROM 625, scrambled ROM 630, selected dual cryptographic logic 635, tamper-resistant circuit 640, metal shield 645, secure non- Optionally one or more of volatile memory 650, volatile memory 660, external memory controller 665, descrambler 670 shared by logic blocks 655 ₁ and 655 ₂ , and copy protection logic 675. Component}. However, the logic block (655 ₃₎ will not be used by the cryptographic block 565. Thus, the logic block (655 ₃₎ are destroyed, such as one or impossible to use a laser to cut off the trace, the gate connections, power and ground connections, as illustrated may be performed to the inability (disablement) purposes. Cablecards implemented in this manner may allow service providers to switch from one CA provider to another using logic blocks that support the same cablecard.

Of course, the configurable logic block 655 may be implemented as a programmable logic device (PLD) or a field programmable gate array (FPGA) once programmed and battery powered. Thus, any power interruption provided by a power source (e.g., coin cell 580 of Figure 4), for example for probing and reverse engineering, may result in loss of data stored in the FPGA and / or PLD. Will cause. The FPGA or PLD can be keyed separately and written from flash memory during boot. Cablecards implemented in this manner will allow service providers to stock "empty" cablecards and configure them on-the-fly for certain systems with specific CA requirements. Can be.

Referring now to FIG. 7, an exemplary embodiment of an encryption block 565 of a cable card 124 is shown. The core logic 700 is a logic block communicates with _{(655 1 -655 N) (N≥1} ) a plurality of possible configurations through a common interface 710. Each configurable logic blocks (655 ₁ -655 _N) is produced by an optical mask cryptographic operation (e. G., Hashing, etc.), supports the scrambling and descrambling, and other functionality.

According to one embodiment of the invention, each of the configurable logic blocks (655 ₁ -655 _N) is there is adapted to the interface 710, the interface 710 a data bus (720 used by the core logic 700 ) And address bus 715. The data bus 720 may be divided into a data-in bus 725 and a data-out bus 730. The address bus 715 may be 8 bits wide, but the data bus 720 is collectively 16 bits wide.

Each configurable logic blocks (655 ₁ -655 _N) is characterized by a plurality of input. For example, for configurable logic block 655 ₁ , first input 740 receives power from a power source (eg, coin cell 580 of FIG. 4). The power may be disposed on the cable card 124 or may be supplied to the cable card by remote power. Second input 745 is ground. The third input 750 is a reset that resets the encryption block 565 when activated. The fourth input 755 is an input for receiving the clock signal CLK. For example, the clock signal may be supplied from the internal clock oscillator 610 of FIG. 5. The fifth input 760, when set, is an input for an enable signal that allows the configuration block logic 655 ₁ to function. Otherwise, the configuration block logic 655 ₁ is inactive. Enable input 760 may be used in place of or in addition to trace and connection breakage during manufacturing.

Referring now to FIG. 8, another exemplary embodiment of an encryption block 565 of a cable card is shown. Core logic 700 is in communication with programmable logic device (PLD) 800. PLD 800 includes a programmable gate that is programmed once and battery operated. The battery may be the coin cell 580 of FIG. 4 or other power source. Thus, any power interruption to the PLD 800 will cause the encryption block 565 to not work.

Referring now to FIG. 9, another exemplary embodiment of an encryption block 565 of a cable card 124 is shown. Core logic 700 is in communication with programmable logic device (PLD) 900. PLD 900 includes a programmable gate that is programmed at every power-up. However, a special descrambling key 910 is loaded once and stored in a nonvolatile memory (eg, secure nonvolatile memory 650 of FIG. 5). Thus, the encrypted data is descrambled by the descrambler 670 using the descrambling key 910 to program the PLD 900. Any power interruption to the PLD 900 will effectively result in the deletion of the descrambling key 910, and thus the encryption block 565 will not work.

In the foregoing description, the invention has been described with reference to certain exemplary embodiments of the invention. However, it will be apparent that various modifications and changes may be made without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Embodiments of the present invention are applicable to the field of communications. More specifically, one embodiment of the present invention is available for a configurable module adapted to a digital device.

Claims (23)

A detachable security device with a PCMCIA interface for descrambling incoming scrambled content from a digital device, comprising: Core logic configured to store and descramble the incoming scrambled content; A first conditional access (CA) logic block coupled to core logic, the first conditional access (CA) logic block being used by the core logic to descramble the incoming scrambled content using a first conditional access function associated with a first conditional access provider. A first conditional access logic block; And A second conditional access logic block coupled to core logic, the second conditional used by the core logic to descramble the incoming scrambled content using a second conditional access function associated with a second conditional access provider Access logic block And the connection between the first conditional access logic block is disabled when the descrambling of the incoming scrambled content is to be done according to the second conditional access function. The method according to claim 1, And the detachable security device is a cable card connected to a set top box. The method according to claim 1, The core logic is, A processor core configured to process and control scrambled content; A secure nonvolatile memory accessible by a processor core, comprising: a secure nonvolatile memory for containing a key; And A nonvolatile memory accessible by a processor core, wherein the nonvolatile memory is for containing information in a scrambled format, the information being recovered using a key contained in a secure nonvolatile memory. And a removable security device having a PCMCIA interface. The method of claim 3, And wherein the core logic further comprises a descrambler shared by the first conditional access logic block and the second conditional access logic block to descramble the incoming scrambled content. The method of claim 3, And wherein each of the first conditional access logic block and the second conditional access logic block further comprises a descrambler to descramble the incoming data. The method of claim 3, The core logic further comprises a metal shield surrounding the processor core, the secure nonvolatile memory, and the nonvolatile memory, the shield being formed of a conductive material through which the power supply is supplied to a power-safe nonvolatile memory. Detachable security device provided. The method according to claim 6, A removable security device with a PCMCIA interface, wherein a key is deleted from the secure nonvolatile memory when power to the secure nonvolatile memory is interrupted due to tampering of the shield. The method according to claim 1, At least one of the first conditional access logic block and the second conditional access logic block is a one-time programmable logic device. The method according to claim 1, The at least one of the first conditional access logic block and the second conditional access logic block is a field programmable gate array. The method according to claim 1, And the first conditional access function is different from the second conditional access function. A detachable security device with a PCMCIA interface for descrambling incoming scrambled content from a digital device, comprising: Core logic configured to store and descramble the incoming scrambled content; And A plurality of conditional access logic blocks coupled to the core logic, the plurality of conditional access logic blocks comprising a first conditional access logic block and a second conditional access logic block, wherein the first conditional access logic block is associated with a first conditional access provider; Descramble the incoming scrambled content using a second conditional access logic block to descramble the incoming scrambled content using a second conditional access function associated with a second conditional access provider. Including logic blocks, The core logic selects a first conditional access logic block of a plurality of conditional access logic blocks when the security device is inserted into the digital device, and the core logic and the first when the core logic selects a first conditional access logic block. 2 Removable security device with a PCMCIA interface, wherein the connection between conditional access logic blocks is disabled. 12. The method of claim 11, The core logic further comprises a descrambler shared by the plurality of conditional access logic blocks to descramble the incoming scrambled content. 12. The method of claim 11, And each of the plurality of conditional access logic blocks further comprises a descrambler for descrambling the incoming data. 12. The method of claim 11, And each of the plurality of conditional access logic blocks is a field programmable gate array. 12. The method of claim 11, A removable security device with a PCMCIA interface, wherein each of the plurality of conditional access logic blocks is a one-time programmable logic device. The method of claim 15, And each of the plurality of conditional access logic blocks is battery-backed such that interruption of power causes all of the plurality of conditional access logic blocks to be inoperative. 12. The method of claim 11, And wherein each of the plurality of conditional access logic blocks is a programmable logic device that includes a programmable gate that is programmed at every power-up. 18. The method of claim 17, The core logic is, A battery operated nonvolatile memory for containing a descrambling key; And A descrambler coupled to battery-operated nonvolatile memory, the descrambler using a descrambling key to program the programmable gate of each of the plurality of conditional access logic blocks. And a removable security device having a PCMCIA interface. 12. The method of claim 11, And the detachable security device is a network card connected to the set top box. A detachable security device having a PCMCIA interface for connecting to a digital device and descrambling incoming scrambled content, comprising: Core logic configured to store and descramble the incoming scrambled content; And A programmable logic device comprising a plurality of programmable gates programmed to operate in accordance with one of a plurality of conditional access functions to descramble the incoming scrambled content, wherein the plurality of conditional access functions are configured to store the incoming scrambled content. A programmable logic device comprising a first conditional access function associated with a first conditional access provider for descrambling, And wherein the core logic operates according to the first conditional access function when the plurality of programmable gates are programmed according to a first conditional access function associated with a first conditional access provider. The method of claim 20, The programmable gate of the programmable logic device is programmable once and battery operated so that interruption of power causes the programmable logic device to become inoperative. The method of claim 20, The core logic is, A processor core configured to process and control scrambled content; A secure nonvolatile memory accessible by a processor core, comprising: a secure nonvolatile memory for containing a key; A nonvolatile memory accessible by a processor core, the nonvolatile memory being for containing information in a scrambled format, the information being recovered using a key contained in the secure nonvolatile memory; And A shield adapted to cover a processor core, a secure nonvolatile memory, and a nonvolatile memory, the shield being formed of a conductive material through which the power is supplied to the safe nonvolatile memory. Comprising a removable security device. The method of claim 20, The programmable security device of the programmable logic device is programmed at every power-up.

Images